reloads data when back button clicked in authorized page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
vani
Forum Newbie
Posts: 1
Joined: Tue May 30, 2006 3:14 am

reloads data when back button clicked in authorized page

Post by vani »

Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi all,

I am running Linux and I want to work with no cookies

I have configured PHP as

session.use_cookies =0                 session_use_only_cookies = 0
session.use_trans_sid =0              sess_nmae = PHPSESSID
register_global = Disable.

Since session.use_trasn_sid =0 I have taken care to add all the session id to the url by my self.

I have page for authorized user with session.

The code works just fine for the all the authication and data, but when user logout all my session data and session is destroyed  but if I click back button from the browser then data is reloaded with different session_id.

Can some one suggest me how to stop this, when user clicks back button they are asked to login again and login form shd apprear.

I read some of the problem people say that we have to make client side cache to null or Cache_limiter = nocache. etc
But nothing is working.


The codes goes like this.

I have a main page called main.php.
From main page all the other files are called.

/* ------------------ Main.php ----------------- */

Code: Select all

<?php

// since all the file are through this main page session_start is the first line
session_start();

Check file name
$filename = array("list.php", "details.php", "authorized.php","search.php","index.php");

if(filename exist in array)
include ("filename.php");
else
include("index.php");
?>

/*---------------Authorized.php------------ */

<?php
if(submit button is not null)
{ query = "check database and see if user and password is correct";
if(user and password is correct)
{ ->then show the DETAILS
->Logout button to destroy session and session variable
}
elseif(user and password is not correct)
{ show LOGIN FORM;
}
} // close if submit button is not null

elseif(submit button is null)
{ show LOGIN FORM;
} //close if submit button is not null
?>
so when the back button is clicked then enter data is posted back to authorized page and code works and DETAILS are displayed.

I tried to clear client cache by adding a line in main.php. But I guess that was not so helpful
Could some one help me with this.

Thank you
Vani


Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
A1phanum3ric
Forum Newbie
Posts: 9
Joined: Tue May 30, 2006 6:26 am
Location: Torbay, UK

Post by A1phanum3ric »

Hi Vani.

I have built a few login/authorisation pages before and here's how I do it. I have a login page, a function page and a secure page (which you must be logged in to view). The function page is included in only the secure pages. The general look of the function page is as follows:

Code: Select all

<?php
// function page

// Start the session
session_start();

// If there's no 'logged_in' session variable set
if(!isset($_SESSION['logged_in'])){
  // Force the client to go to the login page
  header("Location: login.php");
}
The above code is always at the top of the function page, and included as the first line on the secure pages. The login page will look like something below:

Code: Select all

<?php
// login page

// If the client has attempted a login
if($_GET['action'] == 'login'){
  // If the credentials match that of a user with authority
  if($_POST['Username'] == $sUsername && $_POST['Password'] == $sPassword){
    // Start the session
    session_start();
    // Set the session variable
    $_SESSION['logged_in'] == true;
    // Force client to secure page
    header("Location: secure.php");
  }
}
That will set the session, and forward them onto the secure page. The last thing to do is create a function that will destroy the session 'logged_in' and redirect to the login page. Then when they click the back button, the secure page will execute the code in the function page, which firstly checks for the existance of the session variable 'logged_in' and if it's not set, they will end up back at the login page.

Hope this makes sense!

Ed.
Post Reply